Introducing the Adweek Podcast Network. Access infinite inspiration in your pocket on everything from career advice and creativity to metaverse marketing and more. Browse all podcasts.
When Google said this week it will delay the deprecation of third-party cookies in Chrome for the third time, it cited the need to give the U.K.-based Competition and Markets Authority sufficient time to review the cookie-replacement tools it’s developing.
These tools are called the Privacy Sandbox and the CMA, a regulatory body that must approve Google’s cookie deprecation plan before it can happen, wants to make sure that it doesn’t benefit Google at the expense of the rest of the ad industry.
The CMA’s quarterly report, published today, said that Google still needs to do more to prove the Privacy Sandbox isn’t anti-competitive, and it raises new concerns around consumer privacy, which it adopted from a preliminary assessment from another U.K. regulatory body, the Information Commissioners Office (ICO).
The combination of the longstanding concerns around anti-trust and new concerns around privacy in the latest CMA report doesn’t bode well for Google’s cookie deprecation plan.
“Google is further away than they were a quarter ago,” said Don Marti, vp of ecosystem innovation at publisher network Raptive.
Here are three of the biggest things Google must do before regulators will greenlight its cookie deprecation plan.
Google must prove that Privacy Sandbox is transparent with users that they are being tracked
The latest CMA report adopts some of the ICO’s consumer privacy concerns. The CMA wants Google to make the consent interface clearer for Topics API, and make sure partners using Protected Audiences API and Attribution API get user consent. All three APIs are part of Google’s Privacy Sandbox suite of cookie replacement solutions.
The report notes the ICO’s concern that the remarketing solution Protected Audience API will not incorporate many privacy-enhancing technologies until 2026, after the planned deprecation of third-party cookies.
“In the short term, the ICO has expressed concern that [Protected Audience] will not mitigate key privacy risks identified,” the report reads. “Longer term, we await sight of Google’s proposed governance process to determine if it provides sufficient assurance that planned controls will be delivered as currently outlined in the product roadmap.”
In a statement, Google said: “We welcome the dialogue with the ICO and are already working to address its feedback on how Chrome can best communicate to users about Privacy Sandbox. We also affirm the ICO’s expressed desire for sites and ad tech companies calling the Privacy Sandbox APIs to communicate clearly with their users and offer appropriate controls.”
The CMA wants Google to restrict the use of its first-party data, so it doesn’t grab all the ad spend
The CMA is keenly aware that the loss of third-party cookies in Chrome could cause more ad spend to flow to Google, and it wants Google to limit the use of its data to attract that spend.
“We are discussing with Google what further restrictions may be applied on Google’s use of first-party data to target and measure ads on Google’s owned and operated (O&O) inventory,” the report read. “We are conscious of the risk that ad spend could move away from open display and into O&O inventory (or ‘walled gardens’) – depending on the overall impact of the Privacy Sandbox changes.”
The CMA also doesn’t want Privacy Sandbox to force more of the industry into using Google’s ad tech and is particularly concerned that Protected Audiences API could preference Google’s ad server Google Ad Manager over other ad-tech tools.
“We have committed to design and implement the Privacy Sandbox proposals in a way that does not distort competition by self-preferencing our own business, and to take into account impact on competition in digital advertising and on publishers and advertisers, regardless of their size,” a Google spokesperson told Adweek, noting the company welcomes feedback.
The CMA also highlighted that Google’s attribution solution needs to be interoperable with other browsers, like Safari and Firefox.
The regulatory body is also looking into whether once cookies go away, Google will preference privacy sandbox over other replacement solutions.
Google must prove that Privacy Sandbox will continue to be fair over the long term
One of the CMA’s greatest concerns is how the Privacy Sandbox will police the industry and itself after implementation. A Google spokesperson told ADWEEK that the company agrees that a governance model is critical to the success of Privacy Sandbox.
For instance, the CMA wants to ensure that Google’s interest-based targeting solution Topics is fair to all publishers and is not biased toward Google. And it wants to ensure the attribution reporting API will always collect as little user data as possible.
“Google currently retains significant discretion over how Privacy Sandbox works,” the report says. “This creates a risk of self-preferencing.”
